qa

SUSPICIOUS: the stated QA purpose is legitimate and most actions fit that purpose, but the skill’s core execution depends on an unverifiable external browse binary and forwards passwords/cookies into it. Under the mandatory override, this is high security risk and medium malware concern due to credential forwarding to opaque third-party code, even without explicit proof of exfiltration.